diff options
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/conn.c | 22 | ||||
| -rw-r--r-- | source3/smbd/fake_file.c | 68 | ||||
| -rw-r--r-- | source3/smbd/lanman.c | 9 | ||||
| -rw-r--r-- | source3/smbd/mangle_hash.c | 11 | ||||
| -rw-r--r-- | source3/smbd/message.c | 13 | ||||
| -rw-r--r-- | source3/smbd/msdfs.c | 28 | ||||
| -rw-r--r-- | source3/smbd/negprot.c | 5 | ||||
| -rw-r--r-- | source3/smbd/ntquotas.c | 29 | ||||
| -rw-r--r-- | source3/smbd/nttrans.c | 2 | ||||
| -rw-r--r-- | source3/smbd/process.c | 12 | ||||
| -rw-r--r-- | source3/smbd/sesssetup.c | 3 | ||||
| -rw-r--r-- | source3/smbd/trans2.c | 24 |
12 files changed, 100 insertions, 126 deletions
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c index 159b232b5f..5c75ed719e 100644 --- a/source3/smbd/conn.c +++ b/source3/smbd/conn.c @@ -85,28 +85,6 @@ connection_struct *conn_find(unsigned cnum) } /**************************************************************************** - Find a conn given a service name. -****************************************************************************/ - -connection_struct *conn_find_byname(const char *service) -{ - connection_struct *conn; - - for (conn=Connections;conn;conn=conn->next) { - if (strequal(lp_servicename(SNUM(conn)),service)) { - if (conn != Connections) { - /* Promote if not first. */ - DLIST_PROMOTE(Connections, conn); - } - return conn; - } - } - - return NULL; -} - - -/**************************************************************************** find first available connection slot, starting from a random position. The randomisation stops problems with the server dieing and clients thinking the server is still available. diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c index 0a54c85cd0..565b557dd3 100644 --- a/source3/smbd/fake_file.c +++ b/source3/smbd/fake_file.c @@ -21,52 +21,52 @@ extern struct current_user current_user; -static FAKE_FILE fake_files[] = { +struct fake_file_type { + const char *name; + enum FAKE_FILE_TYPE type; + void *(*init_pd)(TALLOC_CTX *mem_ctx); +}; + +static struct fake_file_type fake_files[] = { #ifdef WITH_QUOTAS - {FAKE_FILE_NAME_QUOTA_UNIX, FAKE_FILE_TYPE_QUOTA, init_quota_handle, destroy_quota_handle}, + {FAKE_FILE_NAME_QUOTA_UNIX, FAKE_FILE_TYPE_QUOTA, init_quota_handle}, #endif /* WITH_QUOTAS */ - {NULL, FAKE_FILE_TYPE_NONE, NULL, NULL } + {NULL, FAKE_FILE_TYPE_NONE, NULL} }; /**************************************************************************** Create a fake file handle ****************************************************************************/ -static struct _FAKE_FILE_HANDLE *init_fake_file_handle(enum FAKE_FILE_TYPE type) +static struct fake_file_handle *init_fake_file_handle(enum FAKE_FILE_TYPE type) { - TALLOC_CTX *mem_ctx = NULL; - FAKE_FILE_HANDLE *fh = NULL; + struct fake_file_handle *fh = NULL; int i; - for (i=0;fake_files[i].name!=NULL;i++) { + for (i=0; fake_files[i].name!=NULL; i++) { if (fake_files[i].type==type) { - DEBUG(5,("init_fake_file_handle: for [%s]\n",fake_files[i].name)); - - if ((mem_ctx=talloc_init("fake_file_handle"))==NULL) { - DEBUG(0,("talloc_init(fake_file_handle) failed.\n")); - return NULL; - } + break; + } + } - if ((fh =TALLOC_ZERO_P(mem_ctx, FAKE_FILE_HANDLE))==NULL) { - DEBUG(0,("TALLOC_ZERO() failed.\n")); - talloc_destroy(mem_ctx); - return NULL; - } + if (fake_files[i].name == NULL) { + return NULL; + } - fh->type = type; - fh->mem_ctx = mem_ctx; + DEBUG(5,("init_fake_file_handle: for [%s]\n",fake_files[i].name)); - if (fake_files[i].init_pd) { - fh->pd = fake_files[i].init_pd(fh->mem_ctx); - } + fh = talloc(NULL, struct fake_file_handle); + if (fh == NULL) { + DEBUG(0,("TALLOC_ZERO() failed.\n")); + return NULL; + } - fh->free_pd = fake_files[i].free_pd; + fh->type = type; - return fh; - } + if (fake_files[i].init_pd) { + fh->private_data = fake_files[i].init_pd(fh); } - - return NULL; + return fh; } /**************************************************************************** @@ -147,18 +147,12 @@ NTSTATUS open_fake_file(connection_struct *conn, return NT_STATUS_OK; } -void destroy_fake_file_handle(FAKE_FILE_HANDLE **fh) +void destroy_fake_file_handle(struct fake_file_handle **fh) { - if (!fh||!(*fh)) { + if (!fh) { return; } - - if ((*fh)->free_pd) { - (*fh)->free_pd(&(*fh)->pd); - } - - talloc_destroy((*fh)->mem_ctx); - (*fh) = NULL; + TALLOC_FREE(*fh); } NTSTATUS close_fake_file(files_struct *fsp) diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 413b916f7b..d6c76c54c1 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -1896,6 +1896,7 @@ static bool api_RNetShareAdd(connection_struct *conn,uint16 vuid, unsigned int offset; int snum; int res = ERRunsup; + size_t converted_size; if (!str1 || !str2 || !p) { return False; @@ -1956,7 +1957,13 @@ static bool api_RNetShareAdd(connection_struct *conn,uint16 vuid, return False; } - pull_ascii_talloc(talloc_tos(), &pathname, offset? (data+offset) : ""); + if (!pull_ascii_talloc(talloc_tos(), &pathname, + offset ? (data+offset) : "", &converted_size)) + { + DEBUG(0,("api_RNetShareAdd: pull_ascii_talloc failed: %s", + strerror(errno))); + } + if (!pathname) { return false; } diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c index 1dc9c67dcc..69ecf77834 100644 --- a/source3/smbd/mangle_hash.c +++ b/source3/smbd/mangle_hash.c @@ -294,8 +294,7 @@ static bool is_8_3(const char *fname, bool check_case, bool allow_wildcards, if (strlen(f) > 12) return False; - size = push_ucs2_allocate(&ucs2name, f); - if (size == (size_t)-1) { + if (!push_ucs2_allocate(&ucs2name, f, &size)) { DEBUG(0,("is_8_3: internal error push_ucs2_allocate() failed!\n")); goto done; } @@ -604,9 +603,11 @@ static bool must_mangle(const char *name, { smb_ucs2_t *name_ucs2 = NULL; NTSTATUS status; + size_t converted_size; + magic_char = lp_magicchar(p); - if (push_ucs2_allocate(&name_ucs2, name) == (size_t)-1) { + if (!push_ucs2_allocate(&name_ucs2, name, &converted_size)) { DEBUG(0, ("push_ucs2_allocate failed!\n")); return False; } @@ -637,12 +638,14 @@ static bool hash_name_to_8_3(const char *in, const struct share_params *p) { smb_ucs2_t *in_ucs2 = NULL; + size_t converted_size; + magic_char = lp_magicchar(p); DEBUG(5,("hash_name_to_8_3( %s, cache83 = %s)\n", in, cache83 ? "True" : "False")); - if (push_ucs2_allocate(&in_ucs2, in) == (size_t)-1) { + if (!push_ucs2_allocate(&in_ucs2, in, &converted_size)) { DEBUG(0, ("push_ucs2_allocate failed!\n")); return False; } diff --git a/source3/smbd/message.c b/source3/smbd/message.c index a870f03df9..62df5c37eb 100644 --- a/source3/smbd/message.c +++ b/source3/smbd/message.c @@ -45,7 +45,7 @@ static void msg_deliver(struct msg_state *state) int i; int fd; char *msg; - int len; + size_t len; ssize_t sz; fstring alpha_buf; char *s; @@ -72,18 +72,17 @@ static void msg_deliver(struct msg_state *state) * Incoming message is in DOS codepage format. Convert to UNIX. */ - len = convert_string_talloc( - talloc_tos(), CH_DOS, CH_UNIX, state->msg, - talloc_get_size(state->msg), (void *)&msg, true); - - if (len == -1) { + if (!convert_string_talloc(talloc_tos(), CH_DOS, CH_UNIX, state->msg, + talloc_get_size(state->msg), (void *)&msg, + &len, true)) { DEBUG(3, ("Conversion failed, delivering message in DOS " "codepage format\n")); msg = state->msg; } for (i = 0; i < len; i++) { - if ((msg[i] == '\r') && (i < (len-1)) && (msg[i+1] == '\n')) { + if ((msg[i] == '\r') && + (i < (len-1)) && (msg[i+1] == '\n')) { continue; } sz = write(fd, &msg[i], 1); diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index 04b9b7deaa..e4760ec461 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -36,13 +36,17 @@ extern uint32 global_client_caps; SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES bit and then send a local path, we have to cope with that too.... + If conn != NULL then ensure the provided service is + the one pointed to by the connection. + This version does everything using pointers within one copy of the pathname string, talloced on the struct dfs_path pointer (which must be talloced). This may be too clever to live.... JRA. **********************************************************************/ -static NTSTATUS parse_dfs_path(const char *pathname, +static NTSTATUS parse_dfs_path(connection_struct *conn, + const char *pathname, bool allow_wcards, struct dfs_path *pdp, /* MUST BE TALLOCED */ bool *ppath_contains_wcard) @@ -136,7 +140,10 @@ static NTSTATUS parse_dfs_path(const char *pathname, } /* Is this really our servicename ? */ - if (NULL == conn_find_byname(servicename)) { + if (conn && !( strequal(servicename, lp_servicename(SNUM(conn))) + || (strequal(servicename, HOMES_NAME) + && strequal(lp_servicename(SNUM(conn)), + get_current_username()) )) ) { DEBUG(10,("parse_dfs_path: %s is not our servicename\n", servicename)); @@ -624,7 +631,7 @@ static NTSTATUS dfs_redirect(TALLOC_CTX *ctx, return NT_STATUS_NO_MEMORY; } - status = parse_dfs_path(path_in, search_wcard_flag, pdp, + status = parse_dfs_path(conn, path_in, search_wcard_flag, pdp, ppath_contains_wcard); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(pdp); @@ -665,17 +672,6 @@ static NTSTATUS dfs_redirect(TALLOC_CTX *ctx, return NT_STATUS_OK; } - if (!( strequal(pdp->servicename, lp_servicename(SNUM(conn))) - || (strequal(pdp->servicename, HOMES_NAME) - && strequal(lp_servicename(SNUM(conn)), - get_current_username()) )) ) { - - /* The given sharename doesn't match this connection. */ - TALLOC_FREE(pdp); - - return NT_STATUS_OBJECT_PATH_NOT_FOUND; - } - status = dfs_path_lookup(ctx, conn, path_in, pdp, search_wcard_flag, NULL, NULL); if (!NT_STATUS_IS_OK(status)) { @@ -759,7 +755,7 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx, *self_referralp = False; - status = parse_dfs_path(dfs_path, False, pdp, &dummy); + status = parse_dfs_path(NULL, dfs_path, False, pdp, &dummy); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -1245,7 +1241,7 @@ bool create_junction(TALLOC_CTX *ctx, if (!pdp) { return False; } - status = parse_dfs_path(dfs_path, False, pdp, &dummy); + status = parse_dfs_path(NULL, dfs_path, False, pdp, &dummy); if (!NT_STATUS_IS_OK(status)) { return False; } diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 9f56949eeb..84f111fb02 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -516,6 +516,7 @@ void reply_negprot(struct smb_request *req) int num_cliprotos; char **cliprotos; int i; + size_t converted_size; static bool done_negprot = False; @@ -555,8 +556,8 @@ void reply_negprot(struct smb_request *req) cliprotos = tmp; - if (pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p) - == (size_t)-1) { + if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p, + &converted_size)) { DEBUG(0, ("pull_ascii_talloc failed\n")); TALLOC_FREE(cliprotos); reply_nterror(req, NT_STATUS_NO_MEMORY); diff --git a/source3/smbd/ntquotas.c b/source3/smbd/ntquotas.c index fcccf9d9fc..c616c494dc 100644 --- a/source3/smbd/ntquotas.c +++ b/source3/smbd/ntquotas.c @@ -222,6 +222,13 @@ int vfs_get_user_ntquota_list(files_struct *fsp, SMB_NTQUOTA_LIST **qt_list) return 0; } +static int quota_handle_destructor(SMB_NTQUOTA_HANDLE *handle) +{ + if (handle->quota_list) + free_ntquota_list(&handle->quota_list); + return 0; +} + void *init_quota_handle(TALLOC_CTX *mem_ctx) { SMB_NTQUOTA_HANDLE *qt_handle; @@ -235,24 +242,6 @@ void *init_quota_handle(TALLOC_CTX *mem_ctx) return NULL; } - return (void *)qt_handle; -} - -void destroy_quota_handle(void **pqt_handle) -{ - SMB_NTQUOTA_HANDLE *qt_handle = NULL; - if (!pqt_handle||!(*pqt_handle)) - return; - - qt_handle = (SMB_NTQUOTA_HANDLE *)(*pqt_handle); - - - if (qt_handle->quota_list) - free_ntquota_list(&qt_handle->quota_list); - - qt_handle->quota_list = NULL; - qt_handle->tmp_list = NULL; - qt_handle = NULL; - - return; + talloc_set_destructor(qt_handle, quota_handle_destructor); + return (void *)qt_handle; } diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index b5546ea1e1..cbe1299cf7 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -2065,7 +2065,7 @@ static void call_nt_transact_get_user_quota(connection_struct *conn, /* the NULL pointer checking for fsp->fake_file_handle->pd * is done by CHECK_NTQUOTA_HANDLE_OK() */ - qt_handle = (SMB_NTQUOTA_HANDLE *)fsp->fake_file_handle->pd; + qt_handle = (SMB_NTQUOTA_HANDLE *)fsp->fake_file_handle->private_data; level = SVAL(params,2); diff --git a/source3/smbd/process.c b/source3/smbd/process.c index ab737a89a7..c8ad19dd15 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -252,6 +252,8 @@ static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx, timeout, toread); if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("receive_smb_raw_talloc_partial_read: %s\n", + nt_errstr(status))); return status; } } @@ -282,14 +284,8 @@ static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx, int fd, smb_len_large(lenbuf) > min_recv_size && /* Could be a UNIX large writeX. */ !srv_is_signing_active()) { - status = receive_smb_raw_talloc_partial_read( - mem_ctx, lenbuf, fd, buffer, timeout, p_unread, &len); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("receive_smb_raw: %s\n", - nt_errstr(status))); - return status; - } + return receive_smb_raw_talloc_partial_read( + mem_ctx, lenbuf, fd, buffer, timeout, p_unread, plen); } if (!valid_packet_size(len)) { diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 5b00403140..041596b953 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -1352,6 +1352,9 @@ static int shutdown_other_smbds(struct db_record *rec, return 0; } + DEBUG(0,("shutdown_other_smbds: shutting down pid %d " + "(IP %s)\n", procid_to_pid(&crec->pid), ip)); + messaging_send(smbd_messaging_context(), crec->pid, MSG_SHUTDOWN, &data_blob_null); return 0; diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index d5435533f9..72688bbd66 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -178,7 +178,7 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, char *p; char **names, **tmp; size_t num_names; - ssize_t sizeret; + ssize_t sizeret = -1; if (!lp_ea_support(SNUM(conn))) { *pnames = NULL; @@ -504,7 +504,7 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp, const char *fname, s static struct ea_list *read_ea_name_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size) { struct ea_list *ea_list_head = NULL; - size_t offset = 0; + size_t converted_size, offset = 0; while (offset + 2 < data_size) { struct ea_list *eal = TALLOC_ZERO_P(ctx, struct ea_list); @@ -522,7 +522,11 @@ static struct ea_list *read_ea_name_list(TALLOC_CTX *ctx, const char *pdata, siz if (pdata[offset + namelen] != '\0') { return NULL; } - pull_ascii_talloc(ctx, &eal->ea.name, &pdata[offset]); + if (!pull_ascii_talloc(ctx, &eal->ea.name, &pdata[offset], + &converted_size)) { + DEBUG(0,("read_ea_name_list: pull_ascii_talloc " + "failed: %s", strerror(errno))); + } if (!eal->ea.name) { return NULL; } @@ -544,6 +548,7 @@ struct ea_list *read_ea_list_entry(TALLOC_CTX *ctx, const char *pdata, size_t da struct ea_list *eal = TALLOC_ZERO_P(ctx, struct ea_list); uint16 val_len; unsigned int namelen; + size_t converted_size; if (!eal) { return NULL; @@ -565,7 +570,10 @@ struct ea_list *read_ea_list_entry(TALLOC_CTX *ctx, const char *pdata, size_t da if (pdata[namelen + 4] != '\0') { return NULL; } - pull_ascii_talloc(ctx, &eal->ea.name, pdata + 4); + if (!pull_ascii_talloc(ctx, &eal->ea.name, pdata + 4, &converted_size)) { + DEBUG(0,("read_ea_list_entry: pull_ascii_talloc failed: %s", + strerror(errno))); + } if (!eal->ea.name) { return NULL; } @@ -3665,10 +3673,10 @@ static NTSTATUS marshall_stream_info(unsigned int num_streams, size_t namelen; smb_ucs2_t *namebuf; - namelen = push_ucs2_talloc(talloc_tos(), &namebuf, - streams[i].name); - - if ((namelen == (size_t)-1) || (namelen <= 2)) { + if (!push_ucs2_talloc(talloc_tos(), &namebuf, + streams[i].name, &namelen) || + namelen <= 2) + { return NT_STATUS_INVALID_PARAMETER; } |